One-Shot Hacking

The One Shot Hacking service aims to detect and report all vulnerabilities
and security issues within one specific version of your application.
The rigorous inspection carried out by our team allows us to detect
all existing security issues with no false positives.

Hacking techniques

It’s possible to perform source code,
application or infrastructure Ethical Hacking.
Customers are able to choose which hacking technique best suits their needs
to fulfill each system’s required security assessment.

Coverage

Ethical Hacking can be done to achieve specific coverage,
variable coverage or full coverage.

Specific coverage refers to a system
where its overall size can be assessed
(application fields, lines of code, open ports)
and the customer chooses to cover only a specific percentage of the system.

Variable coverage refers to a system where its overall size cannot be assessed
and specific scope is predefined
(fixed number of application fields, lines of code or open ports).
Ethical Hacking ends when the target size is achieved,
regardless of the total size the system has.

Full coverage refers to a system where its overall size can be assessed
(application fields, lines of code, open ports)
and the customer chooses to cover the entire system.

Severity

Customers are able to decide which security requirements will be tested
on each Ethical Hacking (Profiling)
through our Rules product.

Duration

Inspection Cycles

One-shot Ethical hacking seeks to attack a single version of your application,
therefore it has only one inspection cycle on the selected system.

Follow up

Each project will have a project manager,
so customers can express their needs before, during and after execution.

Scheduled ethical hacking

After all requirements to start an Ethical hacking have been met,
each attack will have a defined start and end date.

Hacking environments

Customers are able to choose one hacking environment
from their available software environments
(production, development, integration, etc.)

Highly trained hacking team

Our hackers are certified in practical hacking in real scenarios,
and have academic backgrounds related to security testing.
They are able to perform manual hacking and also use tools
to guarantee the reporting of several types of findings
including those with specific business impacts,
those regarding insecure programming practices,
and those regarding standard alignment and security regulation compliance.
This enables us to detect Zero Day findings,
all with no false positive reports.

Exploitation

As long as we have access to deployed applications and customer authorization,
using our own exploitation engine Asserts.